6803 matches found
Secure WebSocket Upgrade Handler Auditor for HTTP/HTTPS Services
This Python tool implements a concurrent network auditing framework focused on testing HTTP Upgrade handling behavior, especially WebSocket upgrade negotiation. It connects directly to target servers over TCP or TLS, sends crafted upgrade requests, parses raw HTTP responses, and reports whether t...
ProjeQtor 12.4.3 SQL Injection Validator for Login Endpoints
This Python script is a defensive validation tool designed to identify potential SQL injection indicators in login functionality without modifying database contents or attempting exploitation...
Exploiting Logic Asymmetry in Modern Web Application Firewalls
This research whitepaper demonstrates that even the most modern WAFs remain vulnerable to attacks exploiting logic asymmetry in HTTP protocol processing. Real-world testing on a Weaver Ecology OA system achieved a 100% bypass rate 40/40 test cases, confirming the critical severity of this...
The Human Vulnerabilities and Exploits (HVE) Framework
The cybersecurity community has invested over two decades in building standardized frameworks, the Common Vulnerabilities and Exposures CVE system, the Common Vulnerability Scoring System CVSS, and the Common Weakness Enumeration CWE to identify, classify, and remediate threats to digital...
Secrets Best Not Shared: DNS Privacy Enhancements for the Constrained IoT
Attackers often identify DNS traffic to disrupt or compromise Internet services. While prior work has focused on encrypting queries using DNS over TLS, HTTPS, or QUIC to counter such attacks, we consider IETF protocols designed for resource-constrained IoT devices and empirically analyze the...
Multi-Domain Check Point IKEv2 Mitigation Script for CVE-2026-50751
A Check Point MDS administrative automation script that iterates through all configured management domains and updates Remote Access VPN global properties to enforce IKEv2-only encryption. The script publishes the resulting configuration changes and is intended as a mitigation measure rather than...
Now You (Still) See Me: Detecting Evasive Steganographic Payloads in LLMs
Large language models can be fine-tuned to encode prompt-borne secrets into fluent, seemingly benign outputs. This creates a steganographic exfiltration risk that is difficult to detect with output-level steganalysis. Recent work proposes mechanistic detection using linear probes that recover the...
The Chronicles of Radio Frequency Fingerprinting
Radio Frequency Fingerprinting RFF has evolved from an early idea for radar emitter identification into a broad research field for wireless device identification and spectrum monitoring for security. Rather than presenting a conventional literature survey, this work provides a critical historical...
Wazuh 4.14.2 Security Scanner
This Python script is a non-exploitative security scanner designed to test basic responsiveness and message handling behavior of a Wazuh cluster communication endpoint...
Revive Adserver 6.0.6 Security Auditor
This script is a defensive security auditing utility designed to identify exposed services, review configuration weaknesses, and collect security posture information from a Revive Adserver deployment without performing direct exploitation...
Customization under Fire: Plugin Poisoning in Text-To-Image Ecosystem
The prosperity of text-to-image T2I models has fostered a vibrant share-and-play ecosystem centered on Low-Rank Adaptation LoRA plugins, which allow users to customize and share model capabilities with ease. This democratization, however, comes with a hidden but severe security risk. Malicious...
RadKey: An LLM-Guided RF Backscatter System for Through-Wall Keystroke Inference
In today's digitally connected world, keyboards remain the primary interface for inputting sensitive information, making them a persistent target for eavesdropping attacks. While prior keystroke inference techniques have exploited side-channel signals such as acoustics and vibrations, they...
Hardware-Aware QAOA for Honeypot Traffic Partitioning on 100+ Qubit IBM Quantum Processors
Denial-of-service DoS and distributed denial-of-service DDoS mitigation requires separating malicious traffic from benign traffic while minimizing disruption to legitimate users. Prior work proposed mapping honeypot traffic partitioning to a weighted MaxCut problem and solving the resulting graph...
RECON: An LLM-Enhanced Backward Constraint Analysis Framework
While traditional techniques, such as symbolic execution, provide a principled foundation for precise constraint reasoning in program analysis, they struggle to scale to modern software systems mainly due to path explosion, the need for function modeling, and the loss of semantic intent at...
UniFi OS Server Unauthenticated Remote Code Execution Chain Detection Script
This tool is a safe detector for the unauthenticated remote code execution chain in UniFi OS Server versions 5.0.6 and below, as disclosed in Ubiquiti Security Advisory Bulletin 064...
Model Poisoning against Federated Model Adaptation with Chain of Bit-Flips
Federated Learning FL allows a set of clients to collectively train a global model without sharing local training data. Giving the responsibility of the training to decentralized actors may lead to poisoning attacks: clients controlled by malicious third party potentially poison the training...
Windows Notepad WebDAV UNC Reference Markdown File Generator
This Metasploit auxiliary module is a file-format generation tool intended for security testing of a CVE-2026-20841 related to Windows Notepad Markdown handling. It produces a Markdown file containing a UNC WebDAV-style path embedded as a clickable link for behavioral analysis...
Windows 11 Hardening Auditor for WinRE and BitLocker
This Python-based Windows security utility performs defensive auditing and mitigation tasks focused on Windows Recovery Environment WinRE and CVE-2026-45585, BitLocker protection policies, Secure Boot, TPM configuration, and boot-time execution integrity on Windows 11 systems...
Security-First Approach to API Pipeline Development with Zero-Trust Architecture
Modern enterprises face an accelerating onslaught of API-targeted threats amid a rapidly expanding attack surface. Record volumes of software vulnerabilities continue to accelerate dramatically, with 28,818 CVEs disclosed in 2023 a 38% jump from 2022 and 40,009 CVEs in 2024 another 38% increase,...
AI Assurance in UK Defence: Challenges in Operationalising JSP 936
This report examines practical challenges in operationalising JSP 936 Part 1 for AI assurance in UK Defence. Using a structured interpretive review of the directive's requirements, the analysis identifies eight thematic challenge areas adequacy of evidence and argument, management of human...
Data Agents under Attack: Vulnerabilities in LLM-Driven Analytical Systems
Data agents integrate LLM-driven reasoning with relational data access, executable analytical tools, and multi-step workflow orchestration, making them increasingly central to enterprise analytics. This integration introduces new security vulnerabilities across data resources, database execution,...
AutoSUT: The Environment Semantics Gap in Structured CTI for Adversary Emulation
Structured Cyber Threat Intelligence CTI is increasingly used for adversary emulation, detection evaluation, and cyber range design. However, these workflows still require a target System Under Test SUT whose environment is not fully described by public CTI. We measure how much of that environmen...
NCMD: Benign-Anchored Feature Selection for Imbalanced Network Intrusion Detection
Feature selection is critical for network intrusion detection systems NIDS operating under high-dimensional, highly imbalanced traffic, as found in operational and defense networks. Traditional filter methods rank features using global statistics computed symmetrically across classes and thus fai...
Hardening Agent Benchmarks with Adversarial Hacker-Fixer Loops
Agent benchmarks score submissions with outcome verifiers that are typically hand-written and brittle, leaving them open to reward hacking. We audit 1,968 tasks across five terminal-agent benchmarks and find 323 16% hackable by frontier models given only the task description. This corrupts both...
GitInject: Real-World Prompt Injection Attacks in AI-Powered CI/CD Pipelines
AI-powered agents are increasingly embedded in continuous integration and continuous delivery/deployment CI/CD pipelines to autonomously review pull requests PRs, triage issues, and maintain codebases. These agents ingest untrusted content while operating with elevated repository permissions,...
An AI Security Agent for University ACMIS: Multi-Vector Threat Detection and Automated Response
University Academic Management Information Systems ACMIS are high-value targets for a wide spectrum of security threats including brute-force login attacks, payment fraud, privilege escalation, insider data theft, and academic integrity violations. Traditional rule-based intrusion detection syste...
ARTA: Adaptive Reinforcement-Learning-Based Throttling Agent for RowHammer Vulnerabilities
RowHammer vulnerability continues to intensify with DRAM scaling, reducing the activation threshold needed to induce bitflips and rendering existing defenses such as TRR, ECC, and refresh-based mechanisms vulnerable to sophisticated multi-bank hammering patterns. This work presents ARTA, a...
Closing the Sim-To-Real Gap: An Evaluation Framework for Autonomous Cyber Defense Configuration of Commercial EDR
Leading commercial endpoint detection and response EDR products have shifted from operator-configured rule sets to multi-component systems where autonomous AI components operate alongside, and increasingly in place of, operator-deployed policies. Autonomous defense agents using commercial EDR as...
Hiding in Plain Floats: Steganographic Carriers for Indirect Prompt and Content Injection
Text-centered prompt-injection defenses assume that the malicious signal is visible in one of the inspected text views. We study a reproducible LLM01-style indirect prompt/content-injection failure mode where that assumption breaks: a payload caught in plain English slips past the same detector...
ClickFix Server Creation
This Metasploit module creates a web server which hosts a ClickFix type exploit. When a user visits the site they are given instructions on pasting our payload into a run dialog. When using a custom html page, please use INSERTPAYLOADHERE as the spot to put the generated payload in...
Rethinking IoT Intrusion Detection: Augmenting Routing Metrics with Radio Features
Machine learning-based intrusion detection systems IDS for RPL-based IoT networks often rely solely on routing layer features, which provide only a partial view of network behaviour. In this work, we investigate whether incorporating Transmit TX and Receive RX radio features alongside the standar...
The Sound of Malware: A Memory Forensics Approach for Android Malware Analysis Via Audio Signals
Android malware analysis is currently facing increasing challenges in achieving robust classification and detecting stealth attacks. Modern threats employ advanced evasion strategies such as code obfuscation, dynamic loading, packing, and even steganographic manipulation of traditional static and...
Synthetic APTs: The Collapse of TTP-Based Attribution
Cyber Threat Intelligence CTI attribution relies on identifying the Tactics, Techniques, and Procedures TTPs that distinguish one threat actor from another. This approach presupposes that each adversary leaves a recognizable operational fingerprint. This work investigates whether AI driven...
POISE: Position-Aware Undetectable Skill Injection on LLM Agents
Agent skills provide a lightweight mechanism for extending general-purpose agents, but their open format exposes them to skill-poisoning attacks. A practically dangerous injection must stay invisible: if executing the payload derails the user's legitimate task, the resulting failure signal invite...
MOLOT System Card: Malicious Operational Logic Observation Transformer
MOLOT Malicious Operational Logic Observation Transformer is a static malicious-code detection system designed for SAST setup where package metadata, maintainer history, and dynamic execution traces may be unavailable or unreliable. The system represents source code as behavior sequences derived...
MalSkillBench: A Runtime-Verified Benchmark of Malicious Agent Skills
AI coding agents such as Claude Code and Gemini CLI increasingly extend themselves with third-party skills: markdown packages bundling natural-language instructions, executable scripts, and tool permissions. Because a skill is at once code and agent-facing instruction, it introduces a supply chai...
Lost in Migration: Exposing Android Framework Vulnerabilities in Parallel Java-Kotlin Implementations
Android has adopted Kotlin alongside Java across apps and core system components. During this shift, we observe parallel implementations in the Android Open Source Project AOSP where the same component is implemented in both Java and Kotlin. In principle, their functional purposes are identical. ...
ScaleDisturb: Exploiting Temporal Asymmetry to Amplify Read Disturbance in Modern DRAM Chips
DRAM suffers from read disturbance phenomena e.g., RowHammer and RowPress, where repeatedly accessing or continuously keeping open a DRAM row aggressor row induces bitflips in other physically nearby unaccessed rows victim rows. The disturbance mechanism is practically exploitable from the softwa...
Demand-Driven Vulnerability Detection for Cloud Security Posture Management: Removing Human Rule Authoring from the Disclosure-To-Protection Critical Path
Cloud Security Posture Management CSPM systems detect known vulnerabilities by maintaining a rule set, distributing it to customers, and evaluating it against periodically-collected asset inventories. To our knowledge, in publicly documented architectures the rule set is environment-agnostic and...
Revive Adserver 6.0.6 XSS / SQL Injection / Code Injection
Revive Adserver versions 6.0.6 and below suffer from access control, code injection, cross site scripting, and remote SQL injection vulnerabilities...
RecurGuard: Runtime Monitoring for Reasoning-Token Consumption Attacks
Reasoning-capable large language models can be induced to spend their generation budget on injected decoy tasks rather than answering the user's question, causing denial of service when no final answer is produced and denial of wallet when excess output tokens are billed. Input-side safety...
FIFOFox: Windows Named-Pipe Security Auditor and Fuzzer
FIFOFox is a Windows named-pipe security assessment tool for identifying weak pipe permissions, pipe-squatting exposure, and named-pipe impersonation attack paths. It combines passive auditing with authorized active testing, including fuzzing and interception-style capture, to help defenders find...
Ternary Public-Key Cryptosystem
Public-key cryptosystems eliminate the requirement for pre-shared secret keys by enabling encryption with a publicly disclosed key and decryption with a corresponding private key. In this article we generalize the public-key cryptosystems to ternary algebraic structures, with particular attention...
FDM: A Framework for Decision-Making to Build ML-Based Malware Detection Systems
Selecting appropriate machine learning ML configurations for malware detection is a complex, multi-criteria problem. Model choice, feature engineering, and update mechanisms must jointly satisfy operational constraints that vary across deployment contexts. This paper proposes the Framework for...
Lyrion Music Server 9.2.0 metadata Persistent Cross Site Scripting
Lyrion Music Server version 9.2.0 stores media file metadata tags such as GENRE, ARTIST, and ALBUM exactly as written in the file and later renders them in its web interface without HTML-encoding, resulting in persistent cross site scripting. An attacker who gets a file with a malicious tag into...
Beyond Pass/Fail: Using Process Mining to Understand How LLMs Resist (And Fail) Red Team Attacks
Standard AI red teaming evaluations reduce adversarial campaigns to a single binary outcome, attack success rate ASR, not taking into account the sequential structure of how models resist or yield to attacks. We propose applying process mining, a discipline for discovering and analyzing process...
Empirical Evaluation of Large Language Models for Migration of Code Fragments to Post-Quantum Cryptography
The transition to post-quantum cryptography PQC requires not only replacing vulnerable cryptographic primitives, but also refactoring the surrounding software logic. While existing PQC migration frameworks provide organizational guidance, practical code-level remediation remains largely manual an...
Drupal Core SQL Injection Scanner
CVE-2026-9082 is a remote SQL Injection vulnerability in Drupal Core's database abstraction layer. It affects only sites using PostgreSQL as the database backend. This code simply checks to see if vulnerability endpoints exist and reports back. It is not an exploit...
Cognitive Threat Intelligence and Explainable Federated Security Analytics for Distributed Infrastructure Systems
The increasing adoption of distributed infrastructure systems, cloud computing, Internet of Things IoT technologies, and edge-based architectures has significantly expanded the cybersecurity attack surface and introduced increasingly sophisticated cyber threats. Conventional centralized intrusion...
Joern 4.0.554
Joern is the bug hunter's workbench. With this tool, you can uncover attack surface, sloppy coding practices, and variants of known vulnerabilities using an interactive code analysis shell. Joern supports C, C++, LLVM bitcode, x86 binaries via Ghidra, JVM bytecode via Soot, and Javascript...